Computer Security Companies Debate Flame's Origins

Yesterday, on this program we told you about a new cyber-spying program that goes by the name Flame. Kaspersky Lab, a Russian computer security company, says it found the program lurking on computers in the Middle East. The company says Flame is a very sophisticated piece of spyware, so sophisticated, it must have been created by a country's government. But as NPR's Martin Kaste reports, it didn't take long for other security experts to cast doubt on those claims.

MARTIN KASTE, BYLINE: Kaspersky researcher Roel Schouwenberg calls Flame an espionage toolkit, capable of spying on a computer in any number of ways.

ROEL SCHOUWENBERG: It can capture all network data flowing to and from the computer. It can also actually activate the microphone on the computer to eavesdrop on conversations.

KASTE: Schouwenberg thinks Flame comes from the same source as Stuxnet, the malware that sabotaged engineering equipment in Iran, and which is widely believed to have been launched by Israel or the U.S. Flame's programming looks different, but it spreads itself in a similar way, and Schouwenberg thinks the two programs may have been parallel projects.

SCHOUWENBERG: Flame was actually much more successful in its target of being stealth and unnoticeable on the system than Stuxnet.

JOE JAROCH: We actually saw this threat back on December 5th of 2007.

KASTE: Joe Jaroch is vice-president of an American computer security company called Webroot. He says his company blocked Flame back then and didn't think much of it.

JAROCH: We've definitely taken a closer look at it now. It's impressive in that it's gigantic.

KASTE: Flame is a big program full of legitimate-looking software, something Jaroch says may have helped it to look benign and slip past other anti-virus companies. And he is not convinced that Flame is the uber-sophisticated product of some country's spy agency.

JAROCH: There's probably multiple authors, but based on the fact that it isn't really all that armored, and it's really just a relatively static threat, I would say this probably isn't done by some large organization.

KASTE: Of course, it's no surprise to hear one computer security company rain on another's parade. But the announcement by Kaspersky Lab also came under some scrutiny yesterday because the company is based in Russia. Jim Lewis, at the Center for Strategic and International Studies, says one should at least consider the potential geopolitical motives.

JIM LEWIS: You know, it damages the U.S. a little bit to put this story out there. If it was an Israeli or U.S. or British collection program, the Russians found it and they've turned it off. They would regard that as a success.

KASTE: Then again, there are also some more mundane reasons to publicize spyware like Flame.

JEFF FISCHBACH: I don't envy the anti-virus companies.

KASTE: Computer forensic expert Jeff Fischbach says these days PCs are a lot less vulnerable to spyware than they were ten years ago. He recalls a time when there were so many holes in Microsoft Windows he bought multiple anti-virus products just to be safe. But no longer.

FISCHBACH: I can't remember the last time I actually went out and purchased a boxed anti-virus program.

KASTE: He says as Microsoft has become better at patching some of those holes, security companies have had more reason to call attention to super-spyware like Flame.